[Unit]
Description=Prometheus
After=network-online.target

[Service]
Type=simple
Environment="GOMAXPROCS={{ ansible_processor_vcpus | default(ansible_processor_count) }}"
User=prometheus
Group=prometheus
ExecReload=/bin/kill -HUP $MAINPID
ExecStart={{ software_install_path }}/prometheus/prometheus \
  --config.file={{ prometheus_conf_path }}/prometheus.yml \
  --storage.tsdb.path={{ prometheus_tsdb_path }} \
{% if prometheus_version is version('2.7.0', '>=') %}
  --storage.tsdb.retention.time={{ prometheus_storage_retention }} \
  --storage.tsdb.retention.size={{ prometheus_storage_retention_size }} \
{% else %}
  --storage.tsdb.retention={{ prometheus_storage_retention }} \
{% endif %}
  --web.listen-address={{ prometheus_web_listen_address }} \
  --web.external-url={{ prometheus_web_external_url }}{% for flag, flag_value in prometheus_config_flags_extra.items() %}\
  --{{ flag }}{% if flag_value %}={{ flag_value }}{% endif %} {% endfor %}

CapabilityBoundingSet=CAP_SET_UID
LimitNOFILE=655350
LockPersonality=true
NoNewPrivileges=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
RemoveIPC=true
RestrictSUIDSGID=true
SyslogIdentifier=prometheus
Restart=always

[Install]
WantedBy=multi-user.target